Merge remote-tracking branch 'upstream/master'
[ach-master.git] / src / practical_settings / DBs.tex
index 2131b90..b370be1 100644 (file)
@@ -1,15 +1,27 @@
 %%\subsection{Database Systems}
 % This list is based on : http://en.wikipedia.org/wiki/Relational_database_management_system#Market_share
 
+%% ---------------------------------------------------------------------- 
 \subsubsection{Oracle}
-\todo{write this}
+\begin{description}
+\item[Tested with Version:] not tested
 
-\subsubsection{SQL Server}
-\todo{write this}
+\item[References:] (German)
+{\small \url{http://www.telekom.com/static/-/155996/7/technische-sicherheitsanforderungen-si}}
+
+Please read the following pages about SSL and ciphersuites:\\
+p. 129 -Req 396 and Req 397 \\
+
+\end{description}
+
+%% ---------------------------------------------------------------------- 
+%%\subsubsection{SQL Server}
+%%\todo{write this}
 
 
 
 
+%% ---------------------------------------------------------------------- 
 \subsubsection{MySQL}
 
 \begin{description}
@@ -36,10 +48,15 @@ ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256
 % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
 
 \item[References:]
+<<<<<<< HEAD
 +{\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
 
 
 % add any further references or best practice documents here
+=======
+{\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
+
+>>>>>>> upstream/master
 
 \item[How to test:]
 
@@ -52,10 +69,41 @@ show variables like '%ssl%';
 \end{description}
 
 
+%% ---------------------------------------------------------------------- 
+\subsubsection{DB2}
+\begin{description}
+\item[Tested with Version:] not tested
 
+\item[References:]
+{\small \url{http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html}}
 
 
-
+\paragraph*{ssl\_cipherspecs}\mbox{}\\
+In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites.
+\begin{lstlisting}[breaklines]
+# recommended and supported ciphersuites 
+
+db2 update dbm cfg using SSL_CIPHERSPECS 
+TLS_RSA_WITH_AES_256_CBC_SHA256,
+TLS_RSA_WITH_AES_128_GCM_SHA256,
+TLS_RSA_WITH_AES_128_CBC_SHA256,
+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+TLS_RSA_WITH_AES_256_GCM_SHA384,
+TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+TLS_RSA_WITH_AES_256_CBC_SHA,
+TLS_RSA_WITH_AES_128_CBC_SHA,
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+
+<<<<<<< HEAD
 \subsubsection{DB2}
 \todo{write this}
 
@@ -68,10 +116,15 @@ show variables like '%ssl%';
 % http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html
 
 
+=======
+\end{lstlisting}
+>>>>>>> upstream/master
 
+\end{description}
 
+%% ---------------------------------------------------------------------- 
 
-\subsubsection{Postgresql}
+\subsubsection{PostgreSQL}
 
 \begin{description}
 \item[Tested with Version:] Debian 7.0 and PostgreSQL 9.1
@@ -115,8 +168,3 @@ psql "sslmode=require host=postgres-server dbname=database" your-username
 
 \end{description}
 
-
-
-
-\subsubsection{Informix}
-\todo{write this}